How businesses can work strategically on IT security
The more a business is digitalised, the greater the threat from cyber criminals. The digital risk can be reduced by a number of measures and an expert partner, and the first step is to put IT security on the agenda at management level.
“Prioritising IT security is important for many reasons – not least as a competitive advantage,” says Mattias Jadesköld, IT Architect at Nordlo.
IT security has long been viewed as being in contrast with innovation, a millstone that prevents digital development, but Mattias believes that this doesn’t need to be the case. Security and innovation can exist in harmony with each other, but you need to be aware that new technology always involves a degree of risk. In the event of a breach, it’s usually not only individual applications that are affected, but increasingly it concerns large parts of a business. This is why this area needs to be prioritised at management level, explains Mattias Jadesköld.
To analyse the degree of digital risk that companies are exposed to, there are several measures to begin with.
“First and foremost: make sure that IT is on the management agenda. Then you need to perform a classification exercise, in which you review the information you possess and how much protection it needs. Then perform a risk assessment based on the correct measurement points – i.e. the costs,” he says.
”It’s easiest when you have a partner who’s familiar with the business, who can identify threats and perform an assessment of what action needs to be taken”
Drawing up a continuity plan
One important element of security work is to understand your own unique threat profile, so you can create security around this. Nordlo works closely with its customers, with the aim of always having a good understanding and a clear overview of the customer’s entire business. It is thanks to this understanding that the basis for a relevant continuity plan can then be created, in which different scenarios are presented to show the consequences of a possible operational shutdown in the business. Mattias Jadesköld refers to this as “the first piece of homework about digital commercial risk”.
“After an exercise like this, you see what it costs if something happens and, even more importantly, what the customer needs to do to get the business back on its feet after a shutdown.”
Business intelligence is a must
The connected world, combined with accelerated digitalisation, geopolitical uncertainty, and a worsening security situation, both locally and globally, means that attacks are increasingly taking place in the supply chain. This puts more responsibility on both sellers and buyers, and it’s critical that Swedish companies and organisations consider which risks the business is exposed to. Continuous work to combat threats is therefore crucial, but there must be an awareness that it’s only a matter of time before your business is subjected to an attack – when, not if.
“Business intelligence is a must. It’s easiest when you have a partner who’s familiar with the business, who can identify threats and perform an assessment of what action needs to be taken,” says Mattias Jadesköld.
Read more in our blog about four simple ways to increase your it security